Rules and regulations are essential to any well-managed organization. Standards are valuable to our clients because of the cost savings, faster support and reliable technology infrastructure. They serve to establish uniform practices and common techniques used as guidelines to measure performance.

For example, with one standard email system, a small number of administrators can maintain a system supporting all of state government. If the state had two email systems, the number of administrators and support staff would double with no corresponding benefit in functionality. The same principle applies to system designs, writing programs and setting up operations in a data processing center, all of which require certain individual skills, standard policies, procedures and equipment.

Vendors who are actively pursuing IT business opportunities with the State of South Dakota must also comply with the Information Technology Security Policy (ITSP). For security purposes, this content is not for public consumption; however, a modified version is available for you here.

The ITSP policies protect State IT resources against destruction, loss, unauthorized access, change, misuse and disruption or denial of service.

Information technology security is based on:

Confidentiality - Ensuring that only authorized individuals can access information.

Integrity - Ensuring the consistency, accuracy, and trustworthiness of information.

Availability - Ensuring that the State’s IT system and services are dependable.

Each policy in the ITSP follows one or more of these principles. Any departure from the ITSP must be in the project’s contract and approved by the State’s Chief Information Security Officer (CISO).

Maintenance Agreements

Clients and Vendors must have annual maintenance agreements for any Commercial Off the Shelf (COTS) product purchased for the State. If there is no maintenance contract, then the State agency must have a plan to:

Web Development

The State can perform security, load, vulnerability, PCI compliance, functional, and performance tests and scans on any product purchased by the State at any time. If the tests or scans show requirements were not met, the State can require fixes or adjustments be made either as part of a maintenance contract or before final payment.

All contracted websites and applications hosted by the State must meet the web standards and operate on the State’s system. Once code for a website or product is submitted by a Vendor, it will be uploaded to a test area on the State’s system. BIT staff will do load testing, security and vulnerability testing and PCI compliance testing along with performance testing as needed.

If the website or application meets the State’s web standards and requirements, it will be accepted by the State and go into user acceptance testing, if needed.

If the website or product does not meet the standards and/or requirements, the Vendor will be told why. The Vendor will make needed changes and the website or product will be re-tested.

If the website will be developed by the Vendor and hosted by the State, it must meet these web standards.

The State may take the website down (or, if hosted by the Vendor, require the Vendor to take it down) if there are security or performance issues, or unsuitable content. If the Vendor is at fault, the contract payments may be suspended by the State. If there is a blatant failure by the Vendor, then the State, at the State’s discretion, may be reimbursed.